“The audit’s primary focus is on the TLS stacks, covering protocol flow, state transitions, and memory management,” Cryptography Services wrote. “We’ll also be looking at the BIOs, most of the high-profile cryptographic algorithms, and setting up fuzzers for the ASN.1 and x509 parsers.”

The team should see preliminary results in early summer.

Cryptography Services held off on the audit until OpenSSL made the codebase stable enough for thorough testing, the largest effort to review it to date.

The Linux Foundation’s initiative represents an “unprecedented drive towards improving security for open source software, and NCC Group is excited to be a part of it,” the group wrote.